
Can't visit anti malware websites, can't run in safe mode etc

pat208

Posted 02 June 2011 - 12:56 AM


Hi, I would really appreciate some help. I got a virus on my computer a couple of days ago and since then I am unable to go to any websites related to anti-malware, e.g. Kaspersky, malwarebytes.org, bleepingcomputer (apart from this website); other websites are fine though. I also can't open my Kaspersky or load my computer in safe mode. Each time I press safe mode on start-up the computer turns off then back on again and doesn't let me go any further until I select run Windows normally. I did manage to download Malwarebytes from another website, and after I renamed it when installing I was able to do a scan and it found a few things which I deleted and assumed had solved the problem, but it hasn't, and now when I do a full scan with Malwarebytes it finds nothing, so if anyone could help me I'd be grateful. Thanks!
Patrick


Dakeyras

Posted 03 June 2011 - 03:40 AM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go.

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.

The fixes are specific to your problem and should only be used for this issue on this machine!

The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.

If you don't know, stop and ask! Don't keep going on.

Please reply to this thread. Do not start a new topic.

Refrain from running self fixes as this will hinder the malware removal process.

It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Could you please post the Malwarebytes' Anti-Malware log (if available) that shows the removed infections you mentioned. It can be located as follows:-

Dakeyras

Posted 03 June 2011 - 01:25 PM

You're welcome and thanks for the update; let's proceed as follows, shall we...

Peer to Peer & Illegal Software Advice:

I see you have Azureus, P2P Networking and Vuze installed... Since it appears they have been used, you can be fairly confident this is a principal reason your computer is infected.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs like uTorrent, BitTorrent, Azureus, LimeWire and Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop. It's also very important to avoid any "cracks" or "keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

My advice would be to uninstall all of the aforementioned; however, if you opt not to, please refrain from using any of them during the course of the malware removal process, thank you.

With regard to the illegal (cracked) software you have downloaded, I am going to ask you to remove it via the custom OTM script below. Otherwise I will withdraw my assistance per this forum's Terms of Use. We will also remove some out-of-date software that is a security risk. We will in turn update this at a later date.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste

Then click the red MoveIt! button.

Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.

If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

pat208

Posted 03 June 2011 - 02:36 PM


Thanks for your help here is the OTM log:


Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects rootkit activity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use. ComboFix should not be used unless requested by a forum helper.

When you have completed the above, please post back the following in the order asked for:

How is your computer performing now, any other symptoms and or problems encountered?

pat208

Posted 04 June 2011 - 03:21 AM


Hi Dakeyras, there's only one user account; my sister owned the computer before me, that's why it's called Julie. I had downloaded rkill a couple of days ago when I first got the problem, and I had also downloaded something called exehelper. One of them (I'm not sure which one) solved the problem of not being able to visit certain websites, but the problem returned again very soon after and now neither of them works. I followed the instructions in the last post but still can't visit the bleepingcomputer.com website to download ComboFix.